872 matches found
DEBIAN-CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor...
CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor...
CVE-2017-14726
CVE-2017-14726 affects WordPress up to version 4.8.1; a cross-site scripting (XSS) vulnerability exists through shortcodes in the TinyMCE visual editor. Exploitation could occur in contexts where crafted shortcodes are processed by the editor, enabling an attacker to inject arbitrary HTML/JavaScr...
CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Shopify: Tinymce 2.4.0
Hello, The following url https://app.shopify.com//services/mobileapp/rte Loads https://cdn.shopify.com/s/assets/mobileapp/rte-bundle-f044a6c638b6c0500848c772dd5c86bf0eb2b27516c0860c6d3ddafde42231e2.js which is a minified tinymce 2.4.0. This version of tinymce has known vulnerabilities but in orde...
Pluck CMS TinyMCE Cross-Site Scripting Vulnerability
Pluck CMS is a content management system CMS written in php.TinyMCE is one of the browser-based visual HTML editors. A cross-site scripting vulnerability exists in TinyMCE in Pluck CMS version 4.7.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2014-8707
Cross-site scripting XSS vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option...
Cross site scripting
Cross-site scripting XSS vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option...
CVE-2014-8707
Summary: CVE-2014-8707 is a cross-site scripting (XSS) vulnerability in TinyMCE within Pluck CMS version 4.7.2. The flaw allows remote authenticated users to inject arbitrary script/HTML via the TinyMCE “edit HTML source” option. The connected CNVD entry for Pluck CMS confirms a TinyMCE XSS issue...
Fedora Update for tinymce FEDORA-2016-8d8d7d6d47
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 25 Update: tinymce-4.5.1-1.fc25
TinyMCE is a platform independent web based Javascript HTML WYSIWYG editor control released as by Moxiecode Systems AB. It has the ability to convert HTML TEXTAREA fields or other HTML elements to editor instances. TinyMCE is very easy to integrate into other CMS systems...
Fedora 25 : tinymce (2016-8d8d7d6d47)
Update to 4.5.1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
TinyMCE v3.2.x <= (AuthBypass/ShellUpload) Multiple Vulnerabilites
No description provided by source...
WordPress TinyMCE Plugin <= 3.5 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...
WordPress TinyMCE Plugin <= 3.5 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...
WordPress mb.miniAudioPlayer Plugin <= 1.4.2 - Unspecified Vulnerability
This plugin is prone to a TinyMCE Popup unspecified issue. Solution Update the plugin...
CVE-2012-0984
Multiple cross-site scripting XSS vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the 1 touserid parameter to modules/pm/pmlite.php or the 2 currentfile, 3 imgcatid, or 4 target parameter to...
TinyMCE Advanced <= 4.1 - Setting Reset Cross-Site Request Forgery (CSRF)
The Advanced Editor Tools previously TinyMCE Advanced WordPress plugin was affected by a Setting Reset Cross-Site Request Forgery CSRF security vulnerability...
WordPress TinyMCE Advanced Plugin <= 4.1 - Cross Site Request Forgery
This plugin is prone to a cross site request forgery vulnerability. Solution Update the plugin...
TinyMCE 3.5 - swfupload Cross-Site Scripting
The Ultimate TinyMCE WordPress plugin was affected by a swfupload Cross-Site Scripting security vulnerability...